Looking for a Simple Spring security example [closed]

Posted by 折月煮酒 on 2019-12-17 10:21:54

Question


I am new to spring-security (Java) and I am looking for a good and simple example of:

  1. How to use spring security for login and logout

  2. Make sure that the session exists on every page and if not redirect to the login again

  3. How get access to the current User Session

My project is currently working with spring MVC, and hibernate.
I have built the loginAPI + loginDAO, I need now to combine the security and make some of the pages secured.

I searched for tutorials, but a lot of them are very complicated.


Answer 1:


Well, this is, I think, by far the best I have seen so far!
http://krams915.blogspot.com/2010/12/spring-security-mvc-integration_18.html




Answer 2:


You can look for a Single-Sign-On (e.g. CAS) implementation in Spring Security. It'll serve your purpose completely.

Check out:

http://static.springsource.org/spring-security/site/docs/3.0.x/reference/cas.html

https://wiki.jasig.org/display/CASC/Using+the+CAS+Client+3.1+with+Spring+Security




Answer 3:


This is also a great example:

http://www.mkyong.com/spring-security/spring-security-form-login-example/

http://krams915.blogspot.pt/2010/12/spring-security-3-mvc-using-simple-user.html

Both of them are well documented and are easy to modify for your purpose. Krams talks about LDAP using Spring Security.




Answer 4:


If you haven't already, watch this video by the lead developer of Spring Security. It's actually referenced on the Spring Security site but it's easy to miss. Though I do agree, good Spring Security examples are hard to come by.




Answer 5:


Spring Security Tutorial by MKyong

How to perform database authentication (using both XML and Annotations) in Spring Security.

Technologies used :

Spring 3.2.8.RELEASE
Spring Security 3.2.3.RELEASE
Spring JDBC 3.2.3.RELEASE
Eclipse 4.2
JDK 1.6
Maven 3
Tomcat 6 or 7 (Servlet 3.x)
MySQL Server 5.6

SecurityConfig.java

package com.mkyong.config;

import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    DataSource dataSource;

    @Autowired
    public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {

      auth.jdbcAuthentication().dataSource(dataSource)
        .usersByUsernameQuery(
            "select username,password, enabled from users where username=?")
        .authoritiesByUsernameQuery(
            "select username, role from user_roles where username=?");
    }   

    @Override
    protected void configure(HttpSecurity http) throws Exception {

      http.authorizeRequests()
        .antMatchers("/admin/**").access("hasRole('ROLE_ADMIN')")
        .and()
          .formLogin().loginPage("/login").failureUrl("/login?error")
          .usernameParameter("username").passwordParameter("password")
        .and()
          .logout().logoutSuccessUrl("/login?logout")
        .and()
          .exceptionHandling().accessDeniedPage("/403")
        .and()
          .csrf();
    }
}

Spring-security.xml

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <!-- enable use-expressions -->
    <http auto-config="true" use-expressions="true">

        <!-- "/admin/**" covers /admin and everything below it, matching the Java config above -->
        <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />

        <!-- access denied page -->
        <access-denied-handler error-page="/403" />

        <form-login 
            login-page="/login" 
            default-target-url="/welcome" 
            authentication-failure-url="/login?error" 
            username-parameter="username"
            password-parameter="password" />
        <logout logout-success-url="/login?logout"  />
        <!-- enable csrf protection -->
        <csrf/>
    </http>

    <!-- Select users and user_roles from database -->
    <authentication-manager>
      <authentication-provider>
        <jdbc-user-service data-source-ref="dataSource"
          users-by-username-query=
            "select username,password, enabled from users where username=?"
          authorities-by-username-query=
            "select username, role from user_roles where username =?  " />
      </authentication-provider>
    </authentication-manager>

</beans:beans>

  • In the above configuration, the /admin and sub-folders of it are all password protected.
  • login-page="/login" – The page to display the custom login form
  • authentication-failure-url="/login?error" – If authentication failed, forward to page /login?error
  • logout-success-url="/login?logout" – If logout successful, forward to view /logout
  • username-parameter="username" – The name of the request which contains the "username". In HTML, this is the name of the input text.
  • <csrf/> – Enable the Cross Site Request Forgery (CSRF) protection
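
Added example, not part of the original answer or the MKyong tutorial: the two spellings /admin/** and /admin** are easy to confuse, and only the first covers sub-folders, because ** spans directories only when it is a whole path segment. The check below prints, for each pattern, which paths an access rule would cover. The class name AdminPatternCheck and the sample paths are constructed for illustration; it assumes spring-core on the classpath and that calling AntPathMatcher directly reflects how the Ant-style patterns in the configuration are evaluated.

```java
import java.util.Arrays;
import java.util.List;
import org.springframework.util.AntPathMatcher;

// Added example (not from the tutorial): shows which request paths an
// Ant-style access rule covers. Requires spring-core on the classpath.
public class AdminPatternCheck {

    // Constructed sample paths; replace with URLs your application serves.
    static final List<String> PATHS = Arrays.asList(
            "/admin", "/admin/", "/admin/users", "/admin/users/42/edit",
            "/administrator", "/welcome");

    // Patterns to compare: "**" as its own segment vs. glued to "admin".
    static final String[] PATTERNS = { "/admin/**", "/admin**" };

    static final AntPathMatcher MATCHER = new AntPathMatcher();

    /** Returns true when the Ant-style pattern matches the whole path. */
    static boolean covers(String pattern, String path) {
        return MATCHER.match(pattern, path);
    }

    public static void main(String[] args) {
        // Header row: one column per pattern.
        System.out.printf("%-24s", "path");
        for (String pattern : PATTERNS) {
            System.out.printf("%-14s", pattern);
        }
        System.out.println();

        // One row per path; "not covered" means the hasRole rule attached
        // to that pattern would not be applied to the request.
        for (String path : PATHS) {
            System.out.printf("%-24s", path);
            for (String pattern : PATTERNS) {
                System.out.printf("%-14s",
                        covers(pattern, path) ? "covered" : "not covered");
            }
            System.out.println();
        }
    }
}
```

Any path that should require ROLE_ADMIN but shows as "not covered" needs a broader pattern or an additional rule.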


Source: https://stackoverflow.com/questions/4899518/looking-for-a-simple-spring-security-example
